
MA Privacy Law Deadline Looms

All Companies Regardless Of Size Need A Compliance Plan

By January 1, 2010, every Massachusetts employer (and any out-of-state company that handles certain MA citizens’ records) must have a security plan in place and be acting on it.

The law is Chapter 93H of the Massachusetts General Laws, “Security Breaches.” It lays out the principle behind the law, adds compliance regulations and specifies penalties for non-compliance.

The provisions apply to “all persons that own, license, store or maintain personal information about a resident of Massachusetts.” “Personal information” is defined as first and last name or first initial and last name in combination with social security number, driver’s license number or financial account number.

The law requires every subject company or person to develop, implement, maintain and monitor a “comprehensive written information security program.” The regulations contain twelve sub-categories with requirements in the following areas:

  1. Administrative
  2. Technical
  3. Physical

The technical safeguards specify certain computer security protocols including authentication, authorization, encryption, firewall and patches, virus protection and access blocking.

The plan must be in place by January 1, 2010.

Licata Risk Advisors can provide a turn-key solution to the compliance effort for you, including the computer security piece (in conjunction with a computer security firm with whom we have a working relationship and are enlisting for this project). If you have an IT department that can handle that aspect, we will work with you to develop the compliance program in conjunction with your IT department.

 

May 06, 2009

Licata Risk & Insurance Advisors, Inc.
137 South Street, Second Floor
Boston, MA 02111-2848
617-451-2140
Licata Risk Advisors is an independent risk management and insurance consulting firm. We are not brokers and we do not sell insurance. We are not connected to any insurance company or product in any way and do not receive commissions. This is an important difference, as you will have an expert on your side who is committed only to you.

Licata Risk is not a law firm and does not practice law. General advice and contract input by the consultants, including those who are attorneys, is to provide insight into the risk and insurance aspects. Your attorney should be the final authority on any legal matter.